Introduction

In a previous post, I walked through the step-by-step process of setting up a LAMP stack and deploying WordPress on Ubuntu. While that approach is great for learning the fundamentals, it can be time-consuming—especially if you’re just looking to get a blog online quickly.

This post introduces a light-touch installer script that automates the entire process. With just a few prompts, it sets up Apache, PHP, MariaDB, WordPress, and SSL (via Let’s Encrypt, custom certificates, or self-signed), all tailored to your domain.

This is ideal for:

• First-time bloggers who want to self-host without diving into manual server configuration
• Developers with Azure credits looking to spin up a quick WordPress site
• Anyone who wants a secure, repeatable deployment with minimal effort

If you’re thinking about getting into blogging, this script is a great way to get started. It removes the technical barriers and gives you a fully functional WordPress site in minutes, ready for you to customize, write, and publish.

As a bonus, the script is designed to integrate with Azure Blob Storage, allowing you to set up automated backups as part of the overall install. This makes it not only fast and easy, but also resilient and cloud-ready.

What the Script Does

This script is designed to take the hassle out of setting up a WordPress site on Ubuntu. Instead of manually installing and configuring each component, it guides you through a few simple prompts and then handles the rest automatically.

Here’s what it takes care of for you:

LAMP Stack Installation

• Installs Apache, PHP, and MariaDB
• Enables essential Apache modules like ssl, rewrite, and headers
• Installs common PHP extensions required by WordPress

WordPress Deployment

• Downloads the latest version of WordPress
• Sets up the wp-config.php file with secure, auto-generated salts
• Creates a dedicated database and user with strong credentials
• Applies secure file permissions and disables file editing in the admin panel

SSL Configuration

You can choose from three SSL options:

• Let’s Encrypt – Fully automated certificate issuance and renewal
• Custom Certificates – Use your own .crt and .key files
• Self-Signed – Ideal for testing or internal use

If you choose Let’s Encrypt, the script even generates a temporary self-signed cert so Apache can start before the real cert is issued.

Apache Virtual Host Setup

• Creates a minimal, secure vhost for your domain
• Redirects all HTTP traffic to HTTPS
• Adds modern security headers (HSTS, CSP, X-Frame-Options, etc.)

Cloud-Ready with Azure

If you’re using Azure credits, this script is a great fit. It’s designed to work well on Azure VMs and can be extended to include automated backups to Azure Blob Storage, giving you peace of mind and data resilience.

What You Need

To run this WordPress installer script successfully, you’ll need a few basic components in place. These requirements are straightforward, and most are common to any self-hosted web application setup.

A Virtual Machine or Physical Server

The script is designed to run on Ubuntu (ideally version 22.04 or later). While you can use a local machine, it’s best suited for a cloud-hosted VM, such as one in Azure, AWS, or another cloud offering. Azure is a particularly good fit if you have credits available, as the script can be extended to support backup storage using Azure Blob Storage.

Open Ports 80 and 443

These ports must be open to allow web traffic and enable SSL certificates. Port 80 handles standard HTTP requests, while port 443 is used for secure HTTPS connections. If you’re using a cloud provider, make sure your network security group or firewall rules allow inbound traffic on these ports.

A Domain Name

You’ll need a domain name that points to your server’s public IP address. This can be something like www.yourdomain.com or blog.yourdomain.com. The script uses this domain to configure Apache and issue SSL certificates, so it must be properly set up in DNS before you begin.

SMTP Service for Email

WordPress relies on email for things like password resets and notifications. To ensure these features work, you’ll need an SMTP provider. Services like SMTP2GO are easy to configure and reliable for sending transactional emails from your server.

Blob Storage or Secure Backup URL

If you want to enable backups as part of your setup, you’ll need access to a cloud storage service. Azure Blob Storage works well, and you’ll need a secure access token or SAS URL to allow the script to upload backups automatically.

This setup ensures your WordPress site is secure, functional, and ready for production or personal use. Whether you’re launching a blog for the first time or deploying multiple sites, this script simplifies the process and gets you online fast.

How to Use the Script

Once your server is ready and meets the basic requirements, installing WordPress with this script is quick and straightforward. The script is interactive and will guide you through each step, asking for the necessary details to configure your site.

The script is located at andrew-kemp/SelfhostedWP on GitHub:

Step 1: Download the Script

Start by downloading the installer script directly from GitHub:

curl -fsSL https://raw.githubusercontent.com/andrew-kemp/SelfHostedWP/main/wp_install.sh -o wp_install.sh

curl -fsSL https://raw.githubusercontent.com/andrew-kemp/SelfHostedWP/main/wp_install.sh -o wp_install.sh

This command fetches the latest version of the script and saves it locally as wp_install.sh.

Step 2: Run the Script as Root

To ensure all services and configurations are applied correctly, run the script using sudo:

sudo bash wp_install.sh

sudo bash wp_install.sh

This will launch the installer and begin the guided setup.

Step 3: Follow the Prompts

The script will ask you for a few key details:

• Site hostname – A fully qualified domain name (e.g., www.yourdomain.com) that points to your server.
• Server admin email – Used for Apache configuration and SSL certificate registration.
• Web root directory – Defaults to /var/www/<hostname>, but you can change it.
• Database name and user – Suggested based on your domain, but customizable.
• Database password – You can provide one or let the script generate a secure password.
• SSL option – Choose between Let’s Encrypt, custom certificates, or a self-signed certificate.

If you choose Let’s Encrypt, the script will temporarily generate a self-signed certificate so Apache can start before the real certificate is issued.

Step 4: Let the Script Do the Work

Once you’ve entered the required information, the script will:

• Install Apache, PHP, MariaDB, and required extensions
• Download and configure WordPress
• Set up the database and user
• Configure Apache virtual hosts and SSL
• Apply secure file permissions
• Restart Apache and validate the configuration

Step 5: Complete WordPress Setup

After the script finishes, open your domain in a browser. You’ll be greeted by the WordPress setup wizard. From here, you can create your admin account, choose a site name, and start building your blog.

Passwords and Security Considerations

Security is a key part of any self-hosted setup, and this script is designed with that in mind. While it simplifies the deployment process, it’s important to understand how credentials are handled and stored so you can take appropriate steps to protect your environment.

Database Credentials

During installation, the script creates a dedicated MariaDB database and user for WordPress. You can either provide a password or let the script generate a secure one automatically. This password is stored in the wp-config.php file, which is required for WordPress to connect to the database.

Note: The database password is stored in plain text in wp-config.php. This is standard practice for WordPress, but it means that anyone with access to the file can view the credentials.

To reduce risk:

• Ensure wp-config.php is owned by www-data and has restricted permissions (644 or tighter).
• Avoid syncing or backing up this file without encryption.
• Never commit this file to version control.

SMTP Credentials and API Keys

If you’re using an SMTP service like SMTP2GO or SendGrid, you’ll need to configure WordPress to send emails using either a username/password or an API key. The script is designed to follow recommended best practices for securing these credentials:

• SMTP credentials are stored in configuration files that are not publicly accessible.
• You should ensure these files are readable only by the web server user (www-data) and not exposed to the internet.
• If you’re using API keys, treat them like passwords—never hard-code them into public scripts or repositories.

For added security, consider:

• Using environment variables to store sensitive values
• Encrypting configuration files before uploading them to cloud storage
• Leveraging secrets management tools if you’re deploying in a cloud environment

Backups and Encryption

If you’re backing up your site to Azure Blob Storage or another cloud provider, make sure any sensitive files—especially those containing credentials—are encrypted before upload. This can be done using tools like gpg, encrypted ZIP archives, or client-side encryption features offered by your storage provider.

Post-Installation: Reporting and Backups

Once the script completes the WordPress installation, it doesn’t just leave you guessing—it provides a clear summary and sends a report to your configured email address. This helps you keep track of the setup details and ensures you have a record of key credentials and configuration paths.

Email Report

At the end of the installation, the script uses your provided SMTP configuration to send a summary email. This includes:

• The site URL
• Document root location
• Apache virtual host file path
• Database name, username, and password (if auto-generated)
• SSL configuration details

This is especially useful if you’re managing multiple sites or want to keep a record of deployments for auditing or documentation purposes.

Note: Ensure your SMTP service (e.g., SMTP2GO or SendGrid) is correctly configured and reachable from the server. The script follows best practices for securely storing and using SMTP credentials, keeping them out of public directories and limiting access to the web server user.

Backup Functionality

The script also includes a backup mechanism designed to work with cloud storage—particularly Azure Blob Storage. Here’s how it works:

• It creates a compressed archive of your WordPress site files and database.
• The archive is securely uploaded to a specified Blob Storage container or URL using a secure access token (SAS).
• Backups are timestamped and stored in a structured format for easy retrieval.

This ensures that even if something goes wrong with your server, you have a reliable copy of your site and data stored offsite.

How Backups Run

Backups are triggered automatically as part of the installation process and can be scheduled later using a cron job. You can configure:

• Frequency (daily, weekly, etc.)
• Retention policy (e.g., keep last 5 backups)
• Storage location (Azure Blob, S3, or any HTTPS-accessible endpoint with write access)

This makes the setup not only fast and secure but also resilient.

Recommended Plugins

Once your WordPress site is up and running, it’s important to install a few key plugins to enhance security, improve functionality, and ensure your site operates smoothly. Here are my top recommendations:

Multi-Factor Authentication (MFA)

Security should be your first priority. Enabling MFA helps protect your admin account from unauthorised access, especially if you’re using a weak or reused password.

Recommended plugin:

• WP 2FA or Wordfence Login Security – Both support time-based one-time passwords (TOTP) and are easy to configure.

SMTP Email Integration

WordPress’s default email handling can be unreliable, especially on cloud-hosted servers. To ensure emails like password resets, contact form submissions, and notifications are delivered properly, use an SMTP plugin.

Recommended plugin:

• WP Mail SMTP – Supports services like SMTP2GO, SendGrid, Mailgun, and others.
• Configure it with your SMTP credentials or API key following best practices (e.g., using environment variables or secure config files).

Backup and Restore

Even though the script includes backup functionality, having a WordPress-level backup plugin adds another layer of protection and convenience.

Recommended plugin:

• UpdraftPlus – Supports scheduled backups to remote storage including Azure, Google Drive, Dropbox, and S3.

Security and Firewall

To harden your site further, consider a plugin that monitors for threats and blocks malicious traffic.

Recommended plugin:

• Wordfence Security – Offers firewall protection, malware scanning, and login security features.

Performance Optimization

To keep your site fast and responsive, especially on shared or cloud-hosted environments, caching and optimization plugins are essential.

Recommended plugin:

• WP Super Cache or W3 Total Cache – Both improve load times and reduce server strain.

Conclusion

Setting up a WordPress site on Ubuntu doesn’t have to be a manual, time-consuming process. This installer script streamlines everything—from installing the LAMP stack and configuring Apache, to deploying WordPress and securing it with SSL. It’s designed to be fast, secure, and cloud-friendly, making it ideal for personal blogs, small business sites, or even internal tools.

Whether you’re just starting out with blogging or looking to self-host your content using available cloud credits, this script gives you a reliable foundation. It also goes a step further by emailing you a full setup report and enabling automated backups to cloud storage, helping you maintain visibility and resilience from day one.

Security is built into the process, with careful handling of credentials, secure file permissions, and support for best practices around SMTP and API key management. And because it’s open and extensible, you can adapt it to suit your own hosting environment or workflow.

If you’ve been thinking about launching your own blog or want to simplify your WordPress deployments, this script is a great place to start. Give it a try, and let me know how it works for you—or what you’d like to see added next.